bob sagart wrote:
>
> Hey everyone
> The other night I decided to see what traffic I could capture on tcp
> port 3127 (MyDoom backdoor) since I have been getting a lot of
> connection attempts showing up in my firewall logs.
> I got several dumps of the traffic using
> nc -l -p 3127 > out.dmp
> most of them are around 10-20kB which I thought was about the
> right size of most of the worms and backdoors using that port. But one
> of the dumps I got was 150kB and I was just wondering if anyone could
> tell me what it might be?

It's likely that it is one of the many (NAI counts more than 542) "Gaobot"
(aka "Agobot") variants. NAI's description:
http://vil.nai.com/vil/content/v_100785.htm

To be sure simply check the file using Kaspersky's Online Virus Scanner:
http://www.kaspersky.com/scanforvirus.html

> I cannot send it as an attachment as hotmail says it is a virus.

"Exploit-Mydoom.b"?

Regards,
Axel Pettinger

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html